On 17/4/20 10:28 pm, Mark Thomas wrote:
On 16/04/2020 09:56, Brian Burch wrote:
On 15/4/20 6:24 am, Mark Thomas wrote:
I'd expect you to see an error message if your server.xml isn't quite
right although that is what this looks like.
There was no error message. I think my xml
On 15/4/20 6:24 am, Mark Thomas wrote:
On 14/04/2020 07:34, Brian Burch wrote:
I searched for usages of MessageDigestCredentialHandler.setAlgorithm,
but only found it used once - within TestJNDIRealm. I did not find any
occurrences within tomcat mainline code, but would not be surprised if
On 14/4/20 8:05 pm, Brian Burch wrote:
On 14/4/20 6:53 pm, logo wrote:
Brian,
see down below
Am 2020-04-14 08:34, schrieb Brian Burch:
My initial code inspection makes me strongly suspect tomcat does not
initialise JNDIRealm and a nested CredentialHandler properly during
startup
On 14/4/20 6:53 pm, logo wrote:
Brian,
see down below
Am 2020-04-14 08:34, schrieb Brian Burch:
I thought it would be helpful to start this issue on the users list
because it will contain a lot of helpful search terms.
I am upgrading a stable production tomcat 7.0.52 system to tomcat
I thought it would be helpful to start this issue on the users list
because it will contain a lot of helpful search terms.
I am upgrading a stable production tomcat 7.0.52 system to tomcat
8.5.54. Both were built from source code (tc8 cloned from git) and
compiled under openjdk8.
Many users
On 25/3/20 8:09 am, Mark Thomas wrote:
On 24/03/2020 22:00, Christopher Schultz wrote:
On 3/24/20 17:54, Brian Burch wrote:
So I had the source all along, but never thought to look there!
Seems like another case where the documentation is misleading to
someone who isn't familiar
ntation is misleading to someone
who isn't familiar with the current situation. (I'm used to two other
apache projects where all their web site and wiki source is in one
place, although updating it isn't trivial either!)
I'll get back to my main task now...
Brian
On 3/24/20 03:11,
On 24/3/20 5:45 pm, Martin Grigorov wrote:
Hi,
On Tue, Mar 24, 2020 at 9:12 AM Brian Burch wrote:
I'm quite baffled!
http://tomcat.apache.org/source.html gives me the url:-
http://svn.apache.org/repos/asf/tomcat/site
I made a clean "svn checkout" and referred to the READM
I'm quite baffled!
http://tomcat.apache.org/source.html gives me the url:-
http://svn.apache.org/repos/asf/tomcat/site
I made a clean "svn checkout" and referred to the README.txt about the
source files being xml formatted. I have all the html files, but the
instructions tell me the real sour
r thoughts,
Brian
Cheers,
Luis
[1]
https://db-blog.web.cern.ch/blog/luis-rodriguez-fernandez/2019-03-keeping-your-logs-clean-apache-tomcat-9-log4j2-and-spring-boot
El mié., 18 mar. 2020 a las 8:44, Brian Burch ()
escribió:
On 18/3/20 5:18 pm, Brian Burch wrote:
Could resist tinkering a bit more
On 18/3/20 5:18 pm, Brian Burch wrote:
Could resist tinkering a bit more, but I'll be in trouble because I'm
late for dinner!!
Success! I have just created the catalina.log file formatted according
to my own log4j2.xml.
Yes, it was my stupid mistake, but I'll write tomo
On 18/3/20 2:57 pm, Brian Burch wrote:
I have done quite a lot of experiments, but I will stick to the case
which appears to have produced the most encouraging(!) results.
I stumbled across
https://logging.apache.org/log4j/2.x/log4j-appserver/index.html.
This short page has significant
Thanks very much for your speedy and helpful reply, Mark.
Stupidly, I had forgotten to re-subscribe to the mailing list, so I
found your reply in the archive and cannot reply to it in-line!
not really!
I stumbled across
https://logging.apache.org/log4j/2.x/log4j-appserver/index.html.
This
I have a very frozen and stable tomcat 7.0.68 system with a lot of apps.
It was build from source and uses the extras tomcat-juli.jar with
log4j-1.2.17.jar.
Both tomcat and my webapps log successfully via log4j (except, of
course, the access log valve).
The time has come to bring the whole s
On 22/03/14 14:05, Mark Thomas wrote:
On 22/03/2014 12:25, Brian Burch wrote:
On 31/01/14 13:27, Brian Burch wrote:
On 31/01/14 12:48, Mark Thomas wrote:
On 31/01/2014 12:42, Brian Burch wrote:
Have I overlooked a configuration trick that would allow me to use the
webapp without a symlink
0
> From: br...@pingtoo.com
> To: users@tomcat.apache.org
> Subject: Re: Configuration of Default Servlet for a single Container?
>
> On 31/01/14 13:27, Brian Burch wrote:
> > On 31/01/14 12:48, Mark Thomas wrote:
> >> On 31/01/2014 12:42, Brian Burch wrote:
> >
On 31/01/14 13:27, Brian Burch wrote:
On 31/01/14 12:48, Mark Thomas wrote:
On 31/01/2014 12:42, Brian Burch wrote:
Have I overlooked a configuration trick that would allow me to use the
webapp without a symlink, but still have the Default Servlet access
external static content as if it were
On 31/01/14 12:48, Mark Thomas wrote:
On 31/01/2014 12:42, Brian Burch wrote:
Have I overlooked a configuration trick that would allow me to use the
webapp without a symlink, but still have the Default Servlet access
external static content as if it were internal?
http://tomcat.apache.org
I'm running Tomcat 7.0.42 under OpenJDK 7 on ubuntu linux 13.10, but I
don't think this information is particularly relevant to my question.
I currently have a servlet that relies on the standard Default Servlet
to handle its static content. Specifically, the webapp is apache jspwiki
and my co
On 12/12/13 08:56, Cyrille Le Clerc wrote:
Hello Christopher,
Delegating to log4j/logback/java.util.logging could be an option but it
would still greatly benefit of a refactoring to split the existing
AccessLogValve into an AbstractAccessLogValve with the formatting logic and
an AccessLogValve t
On 11/12/13 16:47, selvakumar netaji wrote:
Hi Brian,
Can you send us some sample unit tests if it doesn't violate any laws or
infringements.
Like tomcat itself, the unit tests are open source. The tests are all in
the tc7 and tc8 repositories! Just do a svn checkout or browse them online.
On 10/12/13 18:02, Mark Thomas wrote:
On 10/12/2013 17:13, Brian Burch wrote:
Some background first: I made a lot of changes to the Authenticator test
classes some time ago. That led to changes to some of the Authenticator
classes. The test classes are basically in pairs - "with" an
Some background first: I made a lot of changes to the Authenticator test
classes some time ago. That led to changes to some of the Authenticator
classes. The test classes are basically in pairs - "with" and "without" SSO.
I decided to revisit the entire test suite, trying to make them more
sel
On 10/06/13 12:09, Konstantin Kolinko wrote:
2013/6/10 Mark Thomas :
On 10/06/2013 11:19, Brian Burch wrote:
build.properties.default has:
junit.loc=http://cloud.github.com/downloads/KentBeck/junit/junit4.8.2.zip
I did a clean checkout and the download hangs indefinitely when I try to
run
build.properties.default has:
junit.loc=http://cloud.github.com/downloads/KentBeck/junit/junit4.8.2.zip
I did a clean checkout and the download hangs indefinitely when I try to
run the test target. wget of the url hangs too.
There are several similar entries on mail-archives.apache.org. Some
On 02/05/13 09:32, André Warnier wrote:
M Eashwar wrote:
Hi,
Anyone attacked with reference to below URL?
http://efytimes.com/e1/fullnews.asp?edid=105167&ntype=mor&edate=4/29/2013
Never heard of "EFYtimes" before, but considering what I have been
reading lately about bots, I would advise
On 05/03/13 08:03, Brian Burch wrote:
On 05/03/13 07:16, André Warnier wrote:
Sunil Shevante wrote:
Hi,
Is it possible to integrate a blog into my JSP website? Currently I
have manually created the directory structure within my war file.
My Site : www.investorschoolindia.com
Also as a
On 05/03/13 07:16, André Warnier wrote:
Sunil Shevante wrote:
Hi,
Is it possible to integrate a blog into my JSP website? Currently I
have manually created the directory structure within my war file.
My Site : www.investorschoolindia.com
Also as a subquestion, how can we deploy latest content
On 10/11/12 17:47, Russ Kepler wrote:
On Saturday, November 10, 2012 05:14:43 PM you wrote:
I thought it would helpful to let you know that I am very nearly ready
to submitting a lot of new unit tests for the FormAuthenticator class.
The new tests explore url path extensions to carry the sessio
On 10/11/12 17:47, Russ Kepler wrote:
On Saturday, November 10, 2012 05:14:43 PM you wrote:
I thought it would helpful to let you know that I am very nearly ready
to submitting a lot of new unit tests for the FormAuthenticator class.
The new tests explore url path extensions to carry the sessio
On 08/11/12 22:48, Russ Kepler wrote:
On Friday, November 09, 2012 01:02:55 AM Konstantin Kolinko wrote:
1. When and how do you obtain the value for your jsessionid? Beware
that the session id is changing when you do authentication. That is
done to prevent session fixation attacks.
The .jnlp
On 07/11/12 21:13, Alissa Schneider wrote:
Hi - I'm a novice Tomcat user. I've only used the tool to support
BusinessObjects. I recently was asked to set up SSL for the first time.
Initially I created my own self-signed certificate and was able to get
everything working fine, although I would
On 31/10/12 16:39, Daniel Mikusa wrote:
On Oct 31, 2012, at 10:23 AM, Brian Burch wrote:
On 26/10/12 13:24, Daniel Mikusa wrote:
On Oct 26, 2012, at 5:11 AM, Brian Burch wrote:
2.8. keytool -list -v -keystore jks-keystore shows the keystore contents as two
entries:
2.8.1. the first has an
On 26/10/12 13:24, Daniel Mikusa wrote:
On Oct 26, 2012, at 5:11 AM, Brian Burch wrote:
My production tomcat 7.0.26 (and its predecessors back as far as tc 5) have
been running with its original SSL server certificate in a JKS keystore for
many years.
I decided to retire my ancient java
On 26/10/12 16:12, Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Brian,
On 10/26/12 5:11 AM, Brian Burch wrote:
I have another system with java-7-openjdk-i386, but I haven't yet
done any work on it. This openjdk does not ship with a keytool
program, and so I pr
My production tomcat 7.0.26 (and its predecessors back as far as tc 5)
have been running with its original SSL server certificate in a JKS
keystore for many years.
I decided to retire my ancient java-based Certificate Authority and
create a new CA using openssl 1.0.1 under ubuntu linux.
I fo
On 24/09/12 17:52, Mark Thomas wrote:
On 24/09/2012 11:41, Brian Burch wrote:
I draw the following conclusions:
1. A client that can accept a Set-Cookie for JSESSIONID will be able to
maintain a persistent session (is that incorrectly overloading a
reserved word?), no matter whether the
On 24/09/12 19:50, Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Brian,
On 9/23/12 5:46 AM, Brian Burch wrote:
However, in the case where the client is not using cookies (my
test disables them for its Context), there does not appear to be a
way for the server to
On 23/09/12 11:10, Mark Thomas wrote:
Thanks for looking at my questions, Mark. I hoped you would find time,
because you fixed the original bug quite recently and would still
remember the rather convoluted logic for FORM authentication.
On 23/09/2012 10:46, Brian Burch wrote:
With
With reference to:
https://issues.apache.org/bugzilla/show_bug.cgi?id=53584
I reproduced the problem using the sample war on a back-level svn
version of the trunk, then confirmed the problem was fixed on a later level.
I have been developing a new unit test case in
org.apache.catalina.authen
On 24/01/12 08:50, Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Lau,
On 1/18/12 6:52 PM, Lau Eng Huat wrote:
I have a strange problem. I have deleted a servlet from the project
in netbeans but the uncompile source code still says the file
exist.
I'll bite. What do
On 07/01/12 00:59, Caldarale, Charles R wrote:
From: charan raj [mailto:charanraj...@gmail.com]
Subject: Re: is der any default username for tomcat?
can any one tell me how to install multiple tomcat instance
apart from c drive
1) Don't hijack threads.
2) Make at least a cursory attempt to
On 22/12/11 06:39, Jerry Malcolm wrote:
About a month ago, I upgraded two different servers from TC 5 to TC 7. The
migration went cleanly, and everything has been working fine with the
exception of one thing. About 50% of the time, when I log in to the realm
for my web app (form-based login),
On 09/12/11 18:02, oh...@cox.net wrote:
Hi Chuck,
Thanks for the pointer to the CombinedRealm, but, as I've been working with the
test implementation that I mentioned for extending the JNDIRealm, I *think*
that I'm coming to the realization that I was asking for is probably not
possible, or a
On 14/10/11 04:04, Brian Burch wrote:
I will go quiet for a few days while I checkout 6.0.28 and get it to
build.
Phew! That took me longer than I expected I got 6.0.28 to build,
then ran all the unit tests, then debugged the SSO logic and started to
understand it.
Then I (coded
On 13/11/11 04:32, Tobias Crefeld wrote:
Am Sat, 12 Nov 2011 07:21:58 -0500 schrieb whoswho:
Tomcat has been installed as a non-root user. I want to use SSL port
443 and not the deafult port 8443. When I modify the SSL connector,
and try connecting as 443, I get permission denied since the to
On 09/11/11 15:46, Daniel Baktiar wrote:
Probably you should instead do this:
$ cat /var/log/tomcat6
(I suspect it's the log file, not a tomcat6 folder).
No, it is because of permissions on the /var/log/tomcat6 directory...
you cannot cd to that directory as an ordinary user.
so these will w
On 15/10/11 23:27, Caldarale, Charles R wrote:
From: Brian Burch [mailto:br...@pingtoo.com]
Subject: Re: WebApp access to a LAN share
Well, for a start a webapp is not normally allowed to access
files outside its own container...
Unless you've configured Tomcat to use a security ma
On 15/10/11 19:38, Léa Massiot wrote:
Hello,
Thank you for reading my post.
Here is my problem:
- I have two machines S and M on the same LAN.
- S is a Debian machine running a Tomcat server.
- And I have a WebApp W deployed on this Tomcat server.
- M is a Windows machine which hosts some file
On 15/10/11 14:47, Yogesh Shankarappa wrote:
Thanks for your response. I tried your suggestion, unfortunately it did not
work.
There must be a solution for this as most web applications have both public
and
protected URLs.
*public URLs*
Unprotected
/public/
On 13/10/11 15:14, Brian Burch wrote:
On 13/10/11 11:39, Brian Burch wrote:
To summarise: the webapp's explicit timeout is not being honoured
because its web.xml does not define a section. Therefore,
the webapp has defaulted to use the NonLoginAuthenticator - which
honours the existin
On 13/10/11 15:14, Brian Burch wrote:
I beleve the division of responsibilities between the AuthenticatorBase
abstract class and its extension classes is wrong. At the moment, it is
the responsibility of the concrete class authenticate methods to add the
Session to the existing SingleSignOnEntry
On 13/10/11 11:39, Brian Burch wrote:
To summarise: the webapp's explicit timeout is not being honoured
because its web.xml does not define a section. Therefore,
the webapp has defaulted to use the NonLoginAuthenticator - which
honours the existing SSO state (via the client cookie), but
On 13/10/11 05:29, Konstantin Kolinko wrote:
What happens when an non-authenticated user accesses one of those webapps?
It just rejects it with 403, or it should display a login form (and
authenticate him/her and create a SSO cookie), or redirect to another
webapp that has a login form?
Sorry,
On 12/10/11 12:35, Brian Burch wrote:
I've successfully run a remote debugger session against the SingleSignOn
Valve while it is handling my timeout scenario.
Interestingly, the logic to handle the timeout of a single webapp is
exactly as I wanted it to be... only the specific Sessi
On 12/10/11 17:51, Woonsan Ko wrote:
One simple strong reason is that I don't want to run tomcat by root.
The debian/ubuntu deb package installs tomcat6 so that it uses authbind
to listen on ports < 1024, and it runs under its own non-root uid/gid. I
was very impressed when I converted from t
On 12/10/11 12:51, Konstantin Kolinko wrote:
Something becomes clearer.
Remembering the session as associated with ssoid is performed by
SingleSignOn.associate(..) method. This method is called by
AuthenticatorBase class.
Those webapps with long living sessions - are they protected by
security
On 11/10/11 22:24, Christopher Schultz wrote:
I'm not an expert at SSO, nor have I ever used it on any of my
projects. All my answers should be considered suspicious :)
>
So, it looks like the Valve should *not* be expiring your SSO when the
"static" webapp's session expires. Can you confirm th
IN PGP SIGNED MESSAGE-
Hash: SHA1
Brian,
On 10/11/2011 12:35 PM, Brian Burch wrote:
OK, I think I understand the distinction you are making, which is
consistent with there being a Session array (rather than a simple
field) in the SingleSignOnEntry class.
I haven't looked at the impl
-
Hash: SHA1
Brian,
On 10/11/2011 10:09 AM, Brian Burch wrote:
6. The user tries to refresh the second webapp's page after about
25 minutes, but the GET fails with 403 status and the explanation
"access to resource has been denied". Apparently, the user's
session has been
NCE property, but it doesn't
really make a lot of sense to me and I'm not sure whether it is relevant
to my problem.
Does my description make sense? I'm not sure whether I am looking at a
bug, or simply a case of how it is intended to work. Does anyone have
any helpful suggesti
61 matches
Mail list logo
